Hi Sebastian,
On 06/05/2016 08:09 PM, Sebastian Andrzej Siewior wrote:
On 2016-06-05 13:27:08 [+0200], Hans van Kranenburg wrote:
The version in the main Debian Stable archive (so not in the additional
jessie-updates) has the option AllowSupplementaryGroups removed (see
#822444), which prevents the program from starting when this option is
present in the configuration file:
clamd[27916]: ERROR: Parse error at line 12: Unknown option
AllowSupplementaryGroups
clamd[27916]: ERROR: Can't open/parse the config file /etc/clamav/clamd.conf
I had to set this option to be able to use clamav with postfix on my
incoming mail servers, and I should not expect them to stop processing mail
because of stable updates.
Updates of packages in Debian Stable must never break existing installations
by changing APIs (configuration file considered being some kind of API).
I wasn't aware that this might break existing installations. I had always the
debconf popping up and the the diff was simple so…
At least make the option deprecated and ignore it with a warning if set, and
only make it disappear when upgrading to Stretch.
So you want me to do another stable update and ignore this option if
set/unset. Sounds reasonable give the circumstances. Did you have
unattended-upgrades running?
Yes, it was upgraded by unattended, so my day started with figuring out
what happened, after a report from a user expecting some mail, and
nagios yelling about the deferred mail queue size in a few locations.
I'd recommend to do a regression update, since you don't know where this
configuration exists and since it's possible to get those mail servers,
or whatever it is going again with another update if the user didn't
find out yet it was broken.
I don't think the change of forcing/defaulting the option to True would
lead to any problem in stable, as the whole option was a bit stupid to
begin with imho. It took me a few hours and a few w*f moments while
upgrading from Wheezy a while ago to debug and find out about it. :o)
Going back to the old behaviour is also not an option, because it will
make users angry who found out, or read this report today, threw out the
option to fix it and then have their clamav broken another time. :D
Thanks,
--
Hans van Kranenburg - System / Network Engineer
T +31 (0)10 2760434 | hans.van.kranenb...@mendix.com | www.mendix.com
